216 Incident Response jobs in Singapore
Incident Response Lead
Posted 3 days ago
Job Description
Join to apply for the Incident Response Lead role at Tetra Pak.
At Tetra Pak we commit to making food safe and available, everywhere; and we protect what's good – protecting food, protecting people, and protecting the planet. By doing so we touch millions of people's lives every day. And we need people like you to make it happen. We empower you to reach your potential with opportunities to make an impact to be proud of – for food, people and the planet.
Job Summary
The Incident Response (IR) Lead leads a 24/7 virtual team who monitor and respond to ISIRT major incidents. This role requires management of Incident Response activities and team communication with SOC analysts, SMEs and other IT technical personnel. This role is also required to work closely with stakeholders and cybersecurity leadership. Additionally, the Incident Response Lead will ensure staff members prioritize their work related to suspected and confirmed incidents, which may vary in severity and impact. The Incident Response Lead will direct analysts to investigate, validate, remediate and communicate known details about the incident and is a point of contact for escalation. Due to coverage requirements, this is a permanent position based in a country within the Asia time zone.
What You Will Do
Role and responsibilities:
The Incident Response Lead will analyze and organize to help the team rank complex work. As a central figure, the Incident Response Lead brings order to a fast-paced, constantly evolving operation. The Incident Response Lead enforces the policies, playbooks and methodologies that have been adopted for the best course of action.
Personal, organizational, communication and analytical skills are vital, as well as the ability to communicate effectively with cybersecurity leadership. This role requires technical aptitude, and managers are also expected to be adept at working well with people who will be under stress and subject to burnout.
Key Responsibilities
- Manage a team of incident responders for ISIRT response and interact with cybersecurity leadership and business stakeholders.
- Coordinate and ensure ISIRT incidents are prioritized at all hours of the day.
- Implement a cross-functional team of analysts working closely with cybersecurity, IT and developers.
- Serve as a point of escalation and incident commander.
- Review ISIRT incidents that may be related to ransomware, host compromise, account compromise, phishing, anomalous user behavior, third parties and data leakage.
- Ensure the ISIRT response team is following processes embraced by leadership and adhering to best practices.
- Measure and give feedback to the team to improve mean time to respond, KPIs and service-level objectives.
- Proactively adjust to upcoming company changes affecting the operation to modify ISIRT response processes.
- Possess advanced knowledge of attackers’ methods of escalation; lateral movement; and tactics, techniques and procedures.
- Present incident analysis and trend reporting to leadership, highlighting KPIs.
- Review events and process effectiveness and make recommendations for change to leadership.
- Require participation in ISIRT tabletop exercises designed to identify gaps, improve skills, enhance communication and engage with key stakeholders.
- Oversee IR playbooks, policies, procedures and guidelines to ensure they align with industry best practices.
- Collaborate with infrastructure, IT, vulnerability, threat intelligence and application security leads.
- Participate in monitoring internal and external events and stay tightly aligned with infrastructure and third-party, hosted, on-premises and end-user systems.
- Review and communicate ISIRT incident details from initial investigation through root cause analysis and post-mortem.
- Maintain operational rigor and recognize when team members need time away to refocus and refresh.
- Identify strengths and weaknesses in ISIRT team members and provide training to improve skills and knowledge.
- Remain current with emerging threats and share knowledge with colleagues to improve incident response. Perform other duties as assigned.
We believe you have:
- Seven-plus years’ experience in security administration and SOC, with three-plus years’ security IR.
- Demonstrated experience leading people both in person and remotely distributed.
- Self-aware and capable of remaining calm under intense pressure.
- Strong written and oral communication skills across varying levels of the organization.
- Excellent judgment and the ability to make quick decisions when working with complex situations.
- Organized, with the ability to prioritize and respond within defined SLAs and maintain composure.
- Understanding of threats and vulnerabilities, as well as principles of IR and chain of custody.
- Knowledge with multiple solutions such as security orchestration, automation and response; SIEM; threat intelligence platform; directory services; malware sandboxes; vulnerability management; MITRE ATT&CK; IR playbooks; and endpoint/EDR.
- Generally familiar with one or more but not limited to: NIST, ISO 27001, NIS 2, CRA
- Track record of acting with integrity, taking pride in work, seeking to excel, and being curious and flexible.
- High degree of integrity, trustworthiness, professionalism and character.
- Bachelor’s degree preferred in cybersecurity, computer science, engineering or related field.
- Certification in CRISC, CISSP, CISA, CISM will be a plus.
We Offer You
- A variety of exciting challenges with ample opportunities for development and training in a truly global landscape
- A culture that pioneers a spirit of innovation where our industry experts drive visible results
- An equal opportunity employment experience that values diversity and inclusion
- Market competitive compensation and benefits with flexible working arrangements
If you are inspired to be part of our promise to protect what’s good; for food, people, and the planet, apply through our careers page at jobs.tetrapak.com.
If you have any questions about your application, please contact Ephraim Kwa.
Diversity, equity, and inclusion is an everyday part of how we work. We give people a place to belong and support to thrive, an environment where everyone can be comfortable being themselves and has equal opportunities to grow and succeed. We embrace difference, celebrate people for who they are, and for the diversity they bring that helps us better understand and connect with our customers and communities worldwide.
Seniority level
- Mid-Senior level
- Full-time
- Other
- Packaging and Containers Manufacturing
Incident Response Analyst
Posted today
Job Description
• Deliver data centre operations support across multiple data centres
• Respond to all alarms/alerts set in Data Center Infrastructure Management (DCIM), Server Automation Operations System (SAOS), CCTV, Access Control Systems (ACS), and other functions (EHS, Security, etc),
• Provide deep understanding and intelligence of the criticality and impact of the incidents to the resolver groups.
• Ensure detailed records of alarm handling activities, including actions taken, resolutions in ticketing tools and file incident reports.
• Be available to coordinate as an incident commander in event of an issue.
• Support program managers and facilitate project deliverables, improve overall operational and engineering initiatives.
• Conduct root cause analysis (RCA) to determine recurring problems to their source.
• Employ in-depth questioning and analysis techniques such as five whys to determine the underlying cause of the incident or problem.
• Handle ticketing system
• Perform duties in compliance with SOP.
Requirements:
• Diploma/Degree in Information Technology.
• 2 years+ experience in command center, service center, or similar 24x7 operations center environment
• Ability to quickly triage multiple incidents and assign the right priority based on risk and confidence levels
• Knowledge of technical elements associated with systems such as IP Networks, DC Environment and Server Health.
• Outstanding verbal and written communication skills required, work with minimal direction, meeting goals, attention to details and an eye for continuous improvements
• Ability to successfully interact at all levels of the organization, including with clients, while functioning as a team player required.
• Basic working knowledge of data protection policies such as GDPR and the need to keep sensitive information secure.
Incident Response Analyst
Posted today
Job Description
Responsibilities:
• Deliver data centre operations support across multiple data centres
• Respond to all alarms/alerts set in Data Center Infrastructure Management (DCIM), Server Automation Operations System (SAOS), CCTV, Access Control Systems (ACS), and other functions (EHS, Security, etc),
• Provide deep understanding and intelligence of the criticality and impact of the incidents to the resolver groups.
• Ensure detailed records of alarm handling activities, including actions taken, resolutions in ticketing tools and file incident reports.
• Be available to coordinate as an incident commander in event of an issue.
• Support program managers and facilitate project deliverables, improve overall operational and engineering initiatives.
• Conduct root cause analysis (RCA) to determine recurring problems to their source.
• Employ in-depth questioning and analysis techniques such as five whys to determine the underlying cause of the incident or problem.
• Handle ticketing system
• Perform duties in compliance with SOP.
Requirements:
• Diploma/Degree in Information Technology.
• 2 years+ experience in command center, service center, or similar 24x7 operations center environment
• Ability to quickly triage multiple incidents and assign the right priority based on risk and confidence levels
• Knowledge of technical elements associated with systems such as IP Networks, DC Environment and Server Health.
• Outstanding verbal and written communication skills required, work with minimal direction, meeting goals, attention to details and an eye for continuous improvements
• Ability to successfully interact at all levels of the organization, including with clients, while functioning as a team player required.
• Basic working knowledge of data protection policies such as GDPR and the need to keep sensitive information secure.
Switches
Troubleshooting
Incident Response
Hardware
Ticketing
Data Center
Root Cause Analysis
Information Technology
Access Control
CCTV
IP
Networking
Attention to Details
network servers
Routers
Cabling
Security Incident Response
Incident Response Lead
Posted today
Job Description
At Tetra Pak we commit to making food safe and available, everywhere; and we protect what's good – protecting food, protecting people, and protecting the planet. By doing so we touch millions of people's lives every day.
And we need people like you to make it happen.
We empower you to reach your potential with opportunities to make an impact to be proud of – for food, people and the planet.
The Incident Response (IR) Lead leads a 24/7 virtual team who monitor and respond to ISIRT major incidents. This role requires management of Incident Response activities and team communication with SOC analysts, SME and other IT technical personnel. This role is also required to work closely with stakeholders and cybersecurity’s leadership team. Additionally, the Incident Response Lead will ensure staff members prioritize their work related to suspected and confirmed incidents, which may vary in severity and impact. The Incident Response Lead will direct analysts to investigate, validate, remediate and communicate known details about the incident and is a point of contact for escalation.
Due to coverage requirements, this is a permanent position based in a country within the Asia time zone.
What you will do
Role and responsibilities:
The Incident Response Lead will analyze and organize to help the team rank complex work. As a central figure, the Incident Response Lead brings order to a fast-paced, constantly evolving operation. The Incident Response Lead enforces the policies, playbooks and methodologies that have been adopted for the best course of action.
Personal, organizational, communication and analytical skills are vital, as well as the ability to communicate effectively with cybersecurity leadership. This role requires technical aptitude, and managers are also expected to be adept at working well with people who will be under stress and subject to burnout.
Key Responsibilities:
- Manage a team of incident responders for ISIRT response and interact with cybersecurity leadership and business stakeholders.
- Coordinate and ensure ISIRT incidents are prioritized at all hours of the day.
- Implement a cross-functional team of analysts working closely with cybersecurity, IT and developers.
- Serve as a point of escalation and incident commander.
- Review ISIRT incidents that may be related to ransomware, host compromise, account compromise, phishing, anomalous user behavior, third parties and data leakage.
- Ensure the ISIRT response team is following processes embraced by leadership and adhering to best practices.
- Measure and give feedback to the team to improve mean time to respond, key performance indicators (KPIs) and service-level objectives.
- Proactively adjust to upcoming company changes affecting the operation to modify ISIRT response processes.
- Possess advanced knowledge of attackers’ methods of escalation; lateral movement; and tactics, techniques and procedures.
- Present incident analysis and trend reporting to leadership, highlighting KPIs.
- Review events and process effectiveness and make recommendations for change to leadership.
- Require participation in ISIRT tabletop exercises designed to identify gaps, improve skills, enhance communication and engage with key stakeholders.
- Oversee IR playbooks, policies, procedures and guidelines to ensure they align with industry best practices.
- Collaborate with infrastructure, IT, vulnerability, threat intelligence and application security leads.
- Participate in monitoring internal and external events and stay tightly aligned with infrastructure and third-party, hosted, on-premises and end-user systems.
- Review and communicate ISIRT incident details from initial investigation through root cause analysis and post-mortem.
- Maintain operational rigor and recognize when team members need time away to refocus and refresh.
- Identify strengths and weaknesses in ISIRT team members and provide training to improve skills and knowledge.
- Remain current with emerging threats and share knowledge with colleagues to improve incident response. Perform other duties as assigned.
We believe you have
Strong organizational and team management skills are required to excel in this role, as well as previous experience in security administration, IR and security operations center (SOC) roles.
Seven-plus years’ experience in security administration and SOC, with three-plus years’ security IR.
Demonstrated experience leading people both in person and remotely distributed.
Self-aware and capable of remaining calm under intense pressure.
Strong written and oral communication skills across varying levels of the organization.
Excellent judgment and the ability to make quick decisions when working with complex situations.
Organized, with the ability to prioritize and respond within defined SLAs and maintain composure.
Understanding of threats and vulnerabilities, as well as principles of ISIRT incident response and chain of custody.
Knowledge with multiple solutions such as security orchestration, automation and response; SIEM; threat intelligence platform; directory services; malware sandboxes; vulnerability management; MITRE ATT&CK; IR playbooks; and endpoint/extended detection and response
Generally familiar with one or more but not limited to: NIST, ISO 27001, NIS 2, CRA
Track record of acting with integrity, taking pride in work, seeking to excel, and being curious and flexible.
High degree of integrity, trustworthiness, professionalism and character.
Education Requirements:
Bachelor’s degree preferred in cybersecurity, computer science, engineering or related field.
Certification in CRISC, CISSP, CISA, CISM will be a plus.
We Offer You
A variety of exciting challenges with ample opportunities for development and training in a truly global landscape
A culture that pioneers a spirit of innovation where our industry experts drive visible results
An equal opportunity employment experience that values diversity and inclusion
Market competitive compensation and benefits with flexible working arrangements
If you are inspired to be part of our promise to protect what’s good; for food, people, and the planet, apply through our careers page at .
If you have any questions about your application, please contact Ephraim Kwa.
Diversity, equity, and inclusion is an everyday part of how we work. We give people a place to belong and support to thrive, an environment where everyone can be comfortable being themselves and has equal opportunities to grow and succeed. We embrace difference, celebrate people for who they are, and for the diversity they bring that helps us better understand and connect with our customers and communities worldwide.
Security Specialist (Incident Response)
Posted 15 days ago
Job Description
- Engage in digital forensics and incident response efforts, including investigating complex and large-scale cyberattacks. This includes analyzing logs, performing host and network forensics, and examining malicious software.
- Take part in proactive threat hunting operations, identifying advanced threats and targeted attacks within client environments, and support security evaluations and simulation exercises.
- Detect and analyze indicators of compromise (IOCs) and understand adversaries’ tools, techniques, and procedures (TTPs) to determine the occurrence and impact of security breaches.
- Enhance and apply tools and processes to strengthen the organization's capabilities in investigation and threat detection.
- Work closely with internal IT and cybersecurity teams throughout the course of an investigation.
- Produce detailed and professional reports summarizing investigation findings and insights.
Security Specialist (Incident Response)
Posted today
Job Description
Engage in digital forensics and incident response efforts, including investigating complex and large-scale cyberattacks. This includes analyzing logs, performing host and network forensics, and examining malicious software.
Take part in proactive threat hunting operations, identifying advanced threats and targeted attacks within client environments, and support security evaluations and simulation exercises.
Detect and analyze indicators of compromise (IOCs) and understand adversaries’ tools, techniques, and procedures (TTPs) to determine the occurrence and impact of security breaches.
Enhance and apply tools and processes to strengthen the organization's capabilities in investigation and threat detection.
Work closely with internal IT and cybersecurity teams throughout the course of an investigation.
Produce detailed and professional reports summarizing investigation findings and insights.
Principal Consultant, Incident Response
Posted today
Job Description
Our Mission
At Palo Alto Networks everything starts and ends with our mission: Being the cybersecurity partner of choice, protecting our digital way of life. Our vision is a world where each day is safer and more secure than the one before. We are a company built on challenging and disrupting the way things are done, and we’re looking for innovators who are as committed to shaping the future of cybersecurity as we are.
Who We Are
We take our mission of protecting the digital way of life seriously. We are relentless in protecting our customers and we believe that the unique ideas of every member of our team contribute to our collective success. Our values were crowdsourced by employees and are brought to life through each of us every day - from disruptive innovation and collaboration, to execution. From showing up for each other with integrity to creating an environment where we all feel included.
As a member of our team, you will be shaping the future of cybersecurity. We work fast, value ongoing learning, and we respect each employee as a unique individual. Knowing we all have different needs, our development and personal wellbeing programs are designed to give you choice in how you are supported. This includes our FLEXBenefits wellbeing spending account with over 1,000 eligible items selected by employees, our mental and financial health resources, and our personalized learning opportunities - just to name a few!
At Palo Alto Networks, we believe in the power of collaboration and value in-person interactions. This is why our employees generally work full time from our office with flexibility offered where needed. This setup fosters casual conversations, problem-solving, and trusted relationships. Our goal is to create an environment where we all win with precision.
Job Description
Your Career
As a Principal Consultant in Unit 42 the individual will be responsible for managing incident response engagements with our largest clients and in our most complex engagements. They will become the go-to expert for clients during high-priority incident response, remediation, and recovery phases, providing both strategic guidance and technical oversight, while also focusing on product integration. The role requires in-depth cybersecurity expertise to enable serving as an incident commander throughout the incident response lifecycle.
While actively involved in incident response service delivery, this person also works with peers and the executive team to enhance Unit 42’s incident response practice, including developing and improving the technical and operating methodologies employed during incident response engagements.
We are seeking an individual who is dedicated to delivering highly technical consulting services to an exceptional standard, thrives in a fast paced team environment, and advocates for innovative approaches to deliver the best outcomes for our cross-sector clients.
Your Impact
- Lead the team delivering high-profile, high-stakes enterprise level incident response engagements
- Provide hands-on, expert-level incident response services to clients and deliver findings to CxO and/or Board of Directors
- Partner with Unit 42 Directors, executive team and service line leaders to develop and execute strategy for the Unit 42 DFIR practice, and continuously advance the maturity of our services
- Drive innovation in Unit 42’s reactive offerings, by leading the consulting team and collaborating with cross-functional teams to bring new capabilities and services to market that leverage Palo Alto Networks products
- Ensure the consistency and quality of our services and highest level of customer service
- Integrate threat intelligence into our services by deepening the feedback loop with Unit 42 Threat Intelligence team and telemetry
- Recruit and onboard world class Incident Response talent to support our growth goals
- Support the professional growth and development of our consultants through training and technical enablement
- Foster and maintain a culture that attracts and retains smart, kind team members dedicated to executing with excellence
- Identify and execute strategies for service development, enablement, and process that result in the pull through of Palo Alto Networks products
- Cultivate and maintain relationships with key clientele to increase awareness of Unit 42’s capabilities and provide on-demand expertise for client needs
- Amplify Unit 42’s presence and credibility in the marketplace through thought leadership, including via speaking engagements, articles, whitepapers, and media exposure
Your Experience
- 6 years of hands-on professional experience in incident response, with 3 years experience in client-facing consulting roles.
- Demonstrated prior experience and success in leading multi-site, large scale incident response engagements, including scoping work, managing incident response engagements end-to-end and providing guidance on tactical and longer term remediation recommendations
- Experience in managing, leading and motivating consultants at all levels
- Experience as a team leader including overseeing other senior, and mid-level analyst/consultant teams
- Ability to travel as needed to meet business demands
- Able to split your time across commercial support, client delivery, team coaching, and technical expertise and skills maintenance activities.
- Strong presentation and communication skills with verifiable industry experience communicating at CxO and/or Board of Directors level
- Expert level of knowledge of applicable laws, compliance regulations, and industry standards as it relates to privacy, security, and compliance
- Deep technical experience and operational understanding of major operating systems (Microsoft Windows, Linux, or Mac) and/or proficiency in host based forensics, network forensics and cloud incident response.
- Endpoint Detection and Response (EDR), threat hunting, log analysis, and triage forensics
- Collection and analysis of host and cloud based forensic data at scale.
- Client services mindset and top-notch client management skills
- Experience-based understanding of clients’ needs and desired outcomes in incident response investigations
- Demonstrated writing ability, including technical reports, business communication, and thought leadership pieces
- Operates with a hands-on approach to service delivery with a bias towards collaboration and teamwork
- Track record of championing innovation and improvement initiatives for your area of expertise, identifying emerging trends and technologies and developing leading solutions to address client needs.
- Be a valuable contributor to the practice and, specifically develop an external presence via public speaking, conferences, and/or publications
- Have credibility, executive presence, and gravitas
- Able to have a meaningful and rapid delivery contribution
- Have the potential and capacity to understand all aspects of the business and an excellent understanding of PANW products
- Be collaborative and able to build relationships internally, externally, and across all PANW functions, including the sales team
- Bachelor’s Degree in Information Security, Computer Science, Digital Forensics, Cyber Security, or equivalent years of professional experience or equivalent relevant experience or equivalent military experience required to meet job requirements and expectations.
- Professional industry certifications such as: GIAC Certified Forensic Analyst (GCFA), GIAC Certified Forensic Examiner (GCFE), GIAC Incident Handler (GCIH)
The Team
Unit 42 Consulting is Palo Alto Networks' security advisory team. Our vision is to create a more secure digital world by providing the highest quality incident response, risk management, and digital forensic services to clients of all sizes. Our team is composed of recognized experts and incident responders with deep technical expertise and experience in investigations, data breach response, digital forensics, and information security. With a highly successful track record of delivering mission-critical cybersecurity solutions, we are experienced in working quickly to provide an effective incident response, attack readiness, and remediation plans with a focus on providing long-term support to improve our clients’ security posture.
Our Commitment
We’re problem solvers that take risks and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together.
We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at
Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.
All your information will be kept confidential according to EEO guidelines.
Manager, Incident Response & Management
Posted 1 day ago
Job Description
Who we are
About Stripe
Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world’s largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone’s reach while doing the most important work of your career.
About the team
The Incident Response team is a global 24/7 team responsible for driving incident response and management from detection to resolution. Stripe is proud of its five 9s API reliability and this team is at the forefront of ensuring we keep it that way - working hand-in-hand with Reliability Eng and across the Tech Org. This team of incident response managers (IRM) is defined by our sense of ownership and how we drive incidents to resolution - marshaling the necessary cross-functional resources to respond to and resolve service outages, critical bugs, security attacks and anything that significantly impacts the users of our products. The team is user-first and ensures appropriate external communications from Stripe and senior management to keep our users informed of disruption to their experience of Stripe. The team is highly skilled in incident troubleshooting, program management, incident classifications, incident communications, incident escalation and technical adeptness as incidents can arise from anywhere and cut across products and orgs in Stripe.
What you’ll do
This position entails leading and optimizing Stripe's incident management processes and automation, ensuring efficiency and adherence to stringent incident response metrics. As the head of the incident response team, you will establish and maintain a best-in-class incident response framework, upholding the reliability standards expected of Stripe. Responsibilities include but are not limited to incident classification, escalation, and notification management, along with accountability for key incident response metrics (TTx). You will generate actionable insights to drive continuous improvement, collaborating with engineering leadership to refine incident detection, response, user communication, and tooling efficacy. Leadership and development of a highly effective 24/7 global incident response management team, characterized by urgency, programmatic ownership of incidents and communications, and the capacity to engage engineering teams, are crucial. Additionally, you will manage incident communications across multiple channels for executive and end-user audiences, and identify automation opportunities to streamline incident response workflows, thereby safeguarding users and minimizing disruption to their operations.
Responsibilities
- Lead the global 24/7 team of regional managers and incident response managers with ability to be hands-on and support frontline on-call with speed, cross-functional collaboration and escalation
- Develop and own Stripe's incident response and management strategy and cross-functional roadmap, ensuring it aligns with the company's reputation for reliability.
- Spearhead and manage Stripe's AI-First strategy for automation of incident response workflows, partnering with the engineering team to implement required tooling enhancements.
- Enhance Stripe's incident response by leading and implementing improvements derived from analyzing user-facing incidents and extracting actionable insights and learnings.
- Collaborate closely with executive leadership, engineering, and operations teams to lead significant programs and reshape workflows and metrics concerning reliability and incident operations.
- Manage relevant TTx metrics, particularly those related to communication and escalation. Collaborate with engineering leadership to implement necessary improvements for each metric.
- Develop user-focused metrics and data to guide Stripe's incident response, reliability strategy, and user communications (including RCAs), ensuring impactful decision-making.
We’re looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.
Minimum requirements
- 5+ years of management experience, including 2+ years of experience managing managers with a proven record in building, growing and transforming teams.
- Extensive experience (4+ years) leading incident response for complex, large-scale distributed services with high SLOs/SLAs, coupled with deep expertise in crisis management.
- Demonstrated ability to lead, influence other leaders and deliver complex strategic projects involving multiple stakeholders
- Strong analytical skills, and the ability to use data to drive business decisions
- Possesses proficiency in basic incident troubleshooting and a reasonable understanding of system architecture. Fluent in using SQL, Splunk, or similar query languages.
- Exceptional communication abilities, capable of adapting incident updates for diverse audiences (executives, external users, internal teams).
- Affinity for a fast paced work environment, crafting strategic and rapid fixes to high intensity problems with a keen eye for detail and a high bar for quality
- Comfort navigating ambiguity, while identifying areas for process improvement and establishing best practices
- Experience managing geographically dispersed teams
- Experience using infrastructure and application monitoring tools such as Prometheus, Sentry and others
- Experience in incident response at a high-growth technology company, preferably within the payments or e-commerce sectors.
- Proven ability to apply Agentic and Generative AI to revolutionize incident response, coupled with a strong grasp of current industry trends in the incident response domain.
- Demonstrated history of driving engineering and process enhancements to improve incident response efficiency within a rapidly expanding technology organization.
Office-assigned Stripes spend at least 50% of the time in a given month in their local office or with users. This hits a balance between bringing people together for in-person collaboration and learning from each other, while supporting flexibility about how to do this in a way that makes sense for individuals and their teams.
The annual salary range for this role in the primary location is S$208,000 - S$312,000. This range may change if you are hired in another location. For sales roles, the range provided is the role’s On Target Earnings (“OTE”) range, meaning that the range includes both the sales commissions/sales bonuses target and annual base salary for the role. This salary range may be inclusive of several career levels at Stripe and will be narrowed during the interview process based on a number of factors, including the candidate’s experience, qualifications, and specific location. Applicants interested in this role and who are not located in the primary location may request the annual salary range for their location during the interview process.
Specific benefits and details about what compensation is included in the salary range listed above will vary depending on the applicant’s location and can be discussed in more detail during the interview process. Benefits/additional compensation for this role may include: equity, company bonus or sales commissions/bonuses; retirement plans; health benefits; and wellness stipends.
Office locations
Singapore
Team
Infrastructure & Corporate Tech
Job type
Full time
Incident Response Manager, Singapore
Posted 4 days ago
Job Description
About Blackpanda
Blackpanda is Asia’s premier cyber crisis response firm, founded by former elite military special operations forces and cyber defense experts. Headquartered in Singapore, we specialize in incident response and digital forensics across the Asia-Pacific region.
Our mission is bold: to democratize cyber resilience by providing organizations of all sizes with best-in-class incident response and insurance solutions, ensuring they can operate securely and sustainably in an increasingly hostile digital world.
But we’re not stopping there.
We are building the world’s first Cyber In-Extremis Force (CIF), a no-fail, elite digital crisis response unit modeled after the most advanced special operations capabilities in the world. Inspired by Tier-1 military readiness, our team doesn’t just respond to cyber threats.
We dominate them.
We live by the following core values:
- Sincerity: If we say we’ll do it, it’s as good as done.
- Unity: Debate fiercely, then commit fully. We all row in the same direction.
- Efficiency: Timing beats speed, precision beats power, and leverage beats strength.
- Humility: Humility forms the basis of honor. We listen, then we act, and then we listen again.
- Grit: We don’t sugarcoat setbacks or bad news. We face challenges head-on and don’t quit when things get tough.
Your Mission: Incident Responder
You will manage high-profile cybersecurity investigations, coordinate with executives, clients, and stakeholders, and guide organizations through their most urgent moments of digital crisis. This role demands exceptional hands-on technical ability, strategic leadership, and the calm, decisive mindset required in fast-moving, high-stakes environments.
But remember, this is the real world. Not every case will be complex or cinematic. Some will be routine. Others will be chaotic, even frightening—where you truly see how far many organizations are from real cyber resilience. You’ll realize that companies are not well-oiled machines; they’re messy, human, and often unprepared. Your mission is to bring clarity to that chaos, to lead with calm under fire, and to transform disorder into operational control.
You are not just technically sharp, but adaptable, open-minded, and ready to thrive under pressure. You’re someone who sees chaos as opportunity, who stays cool when others panic, and who finds solutions when the stakes are highest. Unlike traditional consulting environments, Blackpanda eliminates red tape in favor of speed, precision, and decisive action. We move fast. We train relentlessly.
And we deliver excellence. Every single time.
Core Responsibilities
- Lead and execute high-stakes cyber incident response investigations, ensuring rapid containment, eradication, and recovery in mission-critical environments.
- Analyze forensic artifacts, attacker TTPs, and malware across complex hybrid infrastructures: including Windows, Linux, macOS, and cloud platforms.
- Perform full-spectrum DFIR operations, including disk imaging, memory acquisition, log analysis, threat hunting, and lateral movement investigations.
- Utilize scripting languages (Python, Bash, PowerShell) to automate response workflows, simulate adversarial techniques, and enhance investigative efficiency.
- Communicate strategic insights and technical findings to clients, executives, regulators, and law enforcement with clarity, confidence, and precision.
- Collaborate with engineering and R&D teams to refine internal tools, enhance proprietary tech, and accelerate operational readiness.
- Coordinate directly with external stakeholders: including legal teams, insurers, vendors, and government agencies, throughout incident lifecycles.
- Partner with sales consultants to scope potential engagements, provide technical insight during pre-sales, and contribute to internal upskilling, ensuring our commercial team is equipped to position Blackpanda CIF capabilities with precision.
- Train, mentor, and uplift junior analysts, instilling elite tradecraft, professional discipline, and the Blackpanda standard of operational excellence.
Minimum Requirements – This Is Your Entry Ticket to CIF
- This role is open to Singaporeans only.
- 3+ Years of Hands-On Experience in cybersecurity incident response, security operations as an analyst, digital forensics, or threat intelligence (consulting or in-house).
- Strong Technical Foundations across enterprise networks, security architecture, and cloud environments.
- Proficiency with Key DFIR Tools including EDR platforms, SIEMs, firewalls, and forensic toolkits (e.g., Splunk, ELK, SentinelOne, Checkpoint, Velociraptor, EnCase).
- Operating System Mastery – Comfortable navigating and investigating across Windows, Linux, and macOS environments.
- Scripting and Automation Skills – Proficient in at least one scripting language (Python, Bash, or PowerShell), with a mindset for automating workflows and simulating adversary behavior.
- Calm Under Fire – Proven ability to lead or contribute to high-pressure, customer-facing IR engagements with poise and precision.
- Communication – Able to translate complex technical findings into strategic guidance for senior stakeholders, boards, and regulators.
Preferred Qualifications – What Sets You Apart
- Certifications – GCFA, GNFA, GREM, OSCP, or equivalent.
- Real-World Adversary Experience – Deep exposure to ransomware/extortion cases, dark web intelligence, and threat actor tracking.
- OT/ICS Proficiency – Experience working in air-gapped or critical infrastructure environments.
- Builder Mindset – Demonstrated experience in building cybersecurity tools, writing custom scripts, or contributing to open-source security projects.
- Backgrounds of Honor – Prior experience in military, law enforcement, or intelligence agencies is a strong plus.
We know, it’s a big list. But we’re not here to check boxes. At Blackpanda, what matters most is your mindset: the grit, discipline, and calm-under-fire required to operate when others freeze. If you've been forged through experience, sharpened by adversity, and you're ready to push even further, we want you on this team.
Manager, Incident Response & Management
Posted 24 days ago
Job Description
Who we are
About Stripe
Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world’s largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone’s reach while doing the most important work of your career.
About the team
The Incident Response team is a global 24/7 team responsible for driving incident response and management from detection to resolution. Stripe is proud of its five 9s API reliability and this team is at the forefront of ensuring we keep it that way - working hand-in-hand with Reliability Eng and across the Tech Org. This team of incident response managers (IRM) is defined by our sense of ownership and how we drive incidents to resolution - marshaling the necessary cross-functional resources to respond to and resolve service outages, critical bugs, security attacks and anything that significantly impacts the users of our products. The team is user-first and ensures appropriate external communications from Stripe and senior management to keep our users informed of disruption to their experience of Stripe. The team is highly skilled in incident troubleshooting, program management, incident classifications, incident communications, incident escalation and technical adeptness as incidents can arise from anywhere and cut across products and orgs in Stripe.
What you’ll do
This position entails leading and optimizing Stripe's incident management processes and automation, ensuring efficiency and adherence to stringent incident response metrics. As the head of the incident response team, you will establish and maintain a best-in-class incident response framework, upholding the reliability standards expected of Stripe. Responsibilities include but are not limited to incident classification, escalation, and notification management, along with accountability for key incident response metrics (TTx). You will generate actionable insights to drive continuous improvement, collaborating with engineering leadership to refine incident detection, response, user communication, and tooling efficacy. Leadership and development of a highly effective 24/7 global incident response management team, characterized by urgency, programmatic ownership of incidents and communications, and the capacity to engage engineering teams, are crucial. Additionally, you will manage incident communications across multiple channels for executive and end-user audiences, and identify automation opportunities to streamline incident response workflows, thereby safeguarding users and minimizing disruption to their operations.
Responsibilities
- Lead the global 24/7 team of regional managers and incident response managers with ability to be hands-on and support frontline on-call with speed, cross-functional collaboration and escalation
- Develop and own Stripe's incident response and management strategy and cross-functional roadmap, ensuring it aligns with the company's reputation for reliability.
- Spearhead and manage Stripe's AI-First strategy for automation of incident response workflows, partnering with the engineering team to implement required tooling enhancements.
- Enhance Stripe's incident response by leading and implementing improvements derived from analyzing user-facing incidents and extracting actionable insights and learnings.
- Collaborate closely with executive leadership, engineering, and operations teams to lead significant programs and reshape workflows and metrics concerning reliability and incident operations.
- Manage relevant TTx metrics, particularly those related to communication and escalation. Collaborate with engineering leadership to implement necessary improvements for each metric.
- Develop user-focused metrics and data to guide Stripe's incident response, reliability strategy, and user communications (including RCAs), ensuring impactful decision-making.
We’re looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.
Minimum requirements
- 5+ years of management experience, including 2+ years of experience managing managers with a proven record in building, growing and transforming teams.
- Extensive experience (4+ years) leading incident response for complex, large-scale distributed services with high SLOs/SLAs, coupled with deep expertise in crisis management.
- Demonstrated ability to lead, influence other leaders and deliver complex strategic projects involving multiple stakeholders
- Strong analytical skills, and the ability to use data to drive business decisions
- Possesses proficiency in basic incident troubleshooting and a reasonable understanding of system architecture. Fluent in using SQL, Splunk, or similar query languages.
- Exceptional communication abilities, capable of adapting incident updates for diverse audiences (executives, external users, internal teams).
- Affinity for a fast paced work environment, crafting strategic and rapid fixes to high intensity problems with a keen eye for detail and a high bar for quality
- Comfort navigating ambiguity, while identifying areas for process improvement and establishing best practices
- Experience managing geographically dispersed teams
- Experience using infrastructure and application monitoring tools such as Prometheus, Sentry and others
- Experience in incident response at a high-growth technology company, preferably within the payments or e-commerce sectors.
- Proven ability to apply Agentic and Generative AI to revolutionize incident response, coupled with a strong grasp of current industry trends in the incident response domain.
- Demonstrated history of driving engineering and process enhancements to improve incident response efficiency within a rapidly expanding technology organization.